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Question: 1 


When creating an OCI Vault, which factors may lead to select the Virtual Private Vault ? Select TWO 
correct answers 


A. Need for more than 9211 key versions 

B. Greater degree of isolation 

C. To mask PII data for non-production environment 
D. Ability to back up the vault 


Answer: BD 


Explanation: 


VAULTS 


Question: 2 


Cloud Guard detected a risk score of zero in the dashboard, what does this mean ? 


A. Risk score doesn't say anything. These are just numbers 

B. LOW or MINOR issues 

C. Larger number of problems that have high risk levels ( HIGH or CRITICAL ) 
D. No problem detected for any resource 


Answer: D 
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Explanation: 


How the Risk Score is Calculated 


1. From the Cloud Gosrd options pare! on the left. select Overview 


2 View the Risk Score tile in the top center 

e The numerk risk score is updated every 15 minutes, and reflects the total number of problems 
that Coud Guard hes Getected, the risk level cf each problem, end the types of resources 
tnveved 
Oferent Categories Of resources sre More sensitive to security threats and thet sensitivity 
weights the scoring For example. users (IAM) and buckets are considered more sensitive 
based an factors such as how easy they are to access and Now they Can be used as à target of 
attack 


pen the protierns and the resources invobved are less sensitive. à large 


number of protlems doesn? produce a high risk score 


© Best prectice for security is to give priority to addressing the problems mith the highest risk 
levets, that Cioud Guard Getects on the most sensitive resources Following this best prectxe 
siso productes the greatest reduction in the risk score. 


Question: 3 


With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select 
TWO correct answers. 


A. Any port scanning must be performed in an aggressive mode 

B. Physical penetration and vulnerability testing of Oracle facilities is prohibited 

C. Testing should target any other subscription or any other Oracle Cloud customer resources 

D. You are responsible for any damages to Oracle Cloud customers that are caused by your testing 
activities 


Answer: BD 


Explanation: 
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Rules Of Engagement 
k 
The following rules of engagement apply to cloud penetration and vulnerability testing: 


` — 
e You must not conduct any tests that will exceed the bandwidth quota or any other subscribed resource for your subscription. 


© You are strictly prohibited from utilizing any tools or services in a manner that perform Denial-of-Service (DoS) attacks or 
simulations of such, or any “load testing” against any Oracle Cloud asset including yours. 


* Any port scanning must be performed in a non-aggressive mode. 

© You are responsible for independently validating that the tools or services employed during penetration and vulnerability testing do 
not perform DoS attacks, or simulations of such, prior to assessment of your instances. This responsibility includes ensuring any 
contracted third parties perform assessments in a manner that does not violate this policy. 

© Social Engineering of Oracle employees and 

© You must not attempt to access another customer's environment or data, or to break out of any container (for example, virtual 

machine). 

Your testing will continue to be subject to terms and conditions of the agreement(s) under which you purchased Oracle Cloud 

Services, and nothing in this policy shall be deemed to grant you additional rights or privileges with respect to such Cloud Services. 

© If you believe you have discovered a potential security issue related to Oracle Cloud, you must report it to Oracle within 24 hours by 
conveying the relevant information to My Oracle Support. You must create a service request within 24 hours and must not disclose 
this information publicly or to any third party. Note that some of the vulnerabilities and issues you may discover may be resolved by 
you by applying the most recent patches in your instances. 


© In the event you inadvertently access another customer's dats, you must immediately terminate all testing and report it to Oracle 


eile Bsn 
LA 


Question: 4 


How can you establish private connectivity over two VCN within same OCI region without traversing 
the traffic over public internet ? 


A. NAT Gateway 

B. Data Guard 

C. Remote VCN Peering 
D. Local VCN Peering 


Answer: D 


Explanation: 
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+ Local VCN peering 


can be in the same tenancy or in different tenancies. 


+ Remote VCN peering 


. You can set up peering between two VCNs in 
different regions by configuring a remote peering connection (RPC) on each of the 
dynamic routing gateways (DRG) attached to the VCNs in the peering relationship. 
Remote VCN peering is generally used to connect two VCNs across regions in the same 
: In certain scenarios, you might need to connect VCNs in two different 


NES SEA 


Question: 5 


Which security issues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct 
answers 


A. Distributed Denial of Service (DDoS) 

B. Ports that are unintentionally left open can be a potential attack vector for cloud resources 
C. SQL Injection 

D. CIS published Industry-standard benchmarks 


Answer: BD 


Explanation: 


Scanning Overview 


Oracle Vulnerability Scanning Service helps improve your security posture in Oracle Cloud by routinely 
checking hosts for potential vulnerabilities. The service generates reports with metrics and details about 
these vulnerabilities. 


The Scanning service can identify several types of security issues in your compute instances @: 


. 
enable hackers to exploit Aher vulnerabilities. 

+ OS packages that require updates and patches to address vulnerabilities 

¢ OS configurations that hackers might exploit 

+ Industry:standard benchmarks published by the Center for Internet Security (CIS). 
The Scanning service checks hosts for compliance with the section 5 (Access, Authentication, and 
Authorization) benchmarks defined for Distribution Independent Linux +. 
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